We’ve noticed a problem with our NetApp where if we make a change to a user’s groups via NIS the NetApp seems to take days to pick up the change.
This morning we added one of our users to an existing Linux group that’s under NIS control, we update the NIS maps as normal but then noticed that the user didn’t have access to the files protected by that group.
Looking into this further we can see that the user is in the group on any of our Linux clients, the user is ‘wrae’ and the group is called ‘facilities’:-
Let me hopefully save you a lot of troubleshooting time, I just went through this exact issue about a month ago.
By default, ONTAP rebuilds its local NIS group database once every 24 hours. You can see this by running the "vserver services name-service nis-domain group-database config show" command in diagnostic mode. You can also see the last build time of the local NIS group database by running the "vserver services name-service nis-domain group-database status" command.
You may want to change the frequency that ONTAP rebuilds this database - it can be done using the "vserver services name-service nis-domain group-database config modify -vserver <vserver_name> -state enabled -build-interval <interval_in_minutes>" command.
Alternatively, you could modify your ns-switch configuration to query NIS first and then local files second using the "vserver services name-service ns-switch modify" commands, supplying the appropriate values.